Privacy & Civil Liberties Engineering

Palantir is a mission-focused company. Our team is dedicated to working for the common good and doing what's right, in addition to being deeply passionate about building great software and a successful company.

Palantir was founded on the conviction that it's essential to preserve fundamental principles of privacy and civil liberties while using data. Our earliest work in counter-terrorism required us to ask whether we could meaningfully strengthen national security in the US without weakening constitutional privacy protections. In response, we invested financial and intellectual capital to build technology that is now trusted by the world's most stringent — and skeptical — data protection regimes.

Our culture of open and critical discussion around the implications of our technology ensures that we remain true to that initial conviction, even as the nature of data and the environments where we operate evolve. From their first day, new Palantirians are trained to ask: "Do I want to live in the kind of world that the technology we're building would enable?"

To help our engineers and business leaders answer this question affirmatively, we:

1. Adhere to a set of principles that guide our technical and business decisions.
2. Invest in building technology that promotes responsible data usage.
3. Employ and empower a team of Privacy and Civil Liberties Engineers.
4. Engage with independent experts in privacy law, policy, and ethics.

As we build and implement technology to answer questions of increasing significance and complexity, we follow a set of principles that help us ensure we are doing so responsibly.

  • Systems should incorporate principles of "privacy by design". Our goal has always been to eliminate the perceived tradeoffs between privacy and utility. To do so, we treat privacy as a first-order concern at every stage of the engineering process and build privacy features as core capabilities in our platforms, seamlessly integrated with analytical and collaboration tools.
  • Decisions that can affect individuals' rights to freedom, opportunity, and happiness cannot be left solely to computers. Our customers are using data to inform decisions with significant implications for individuals. Rather than relying on algorithms that inhibit accountability and redress, we always build in means for humans to make necessary judgment calls based on their context and intuition.
  • Systems must facilitate accountability and oversight. Effective privacy protection entails multi-layered, overlapping policies and procedures to assure the protection of fundamental rights. We design our platforms to support these policies with mechanisms that control usage, alert users to data handling requirements, and generate information for those responsible for oversight.
  • Technology is not the answer to every problem. Some decisions carry implications that are too complex or significant to be automated or streamlined, even with a human in the loop. We strive to contextualize major world problems and think critically about whether it's possible to engineer complementary solutions in an ethically responsible way. When the answer is no, we turn the opportunity down.

Privacy and civil liberties engineering is an evolving field, and every organization is subject to unique requirements and concerns. The ways in which these principles are realized will differ among products and organizations. But the end goal should be the same: developing and implementing technology with a full understanding of its potential effects on fundamental rights and incorporating technical capabilities that can support responsible data handling policies.

At Palantir, we build software platforms that help our customers integrate and analyze their own data in ways that are consistent with legal and ethical considerations. As a company, we do not collect data, sell data, or facilitate unauthorized sharing of data among customers or any other parties.

Over ten years of building products to enable responsible use of data, we've developed several privacy-enhancing technologies that are now core to the Palantir platforms. These features let organizations control and oversee access to their data in increasingly sophisticated and flexible ways.

Access controls

Our platforms provide highly granular access restrictions with fine-grained, flexible permissions, such as temporal and purpose-based limitations. This allows for precise data management, at times even across multiple independent databases, that closely aligns access with stated purposes. A user sees only the specific information necessary for a defined task (e.g., investigating a specific crime or determining whether to extend credit to an individual), and only for as long as is needed to complete the task.

Federation

Federation allows users to search and analyze data from multiple, independent databases without duplicating and centralizing data in a single place. Our platforms provide intelligent query interfaces that abstract away the complexity of federation so users can access the information they need without requiring that its source be integrated directly into their organization's Palantir instance.

Audit logging and analysis

User actions within a system must be recorded to ensure that authorized oversight entities, both internal to an organization and external, can confirm that data is being used appropriately and in conformity with applicable law. Our platforms maintain audit logs and make them accessible to (and readable by) authorized users to help them proactively identify misuse of systems.
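As an added illustration (not Palantir code, and not a description of how the platforms implement this), the following Python sketch shows the two ideas above working together: a grant that binds a user to a dataset for one stated purpose and one validity window, a default-deny check that refuses anything outside that binding, and an audit trail in which every decision, including denials, is recorded so that oversight staff can query it for repeated violations. Every identifier, the sample grant and the request sequence are constructed for the example.

```python
"""Purpose-bound, time-limited access grants with an audit trail.

Added example; not Palantir code. Every identifier, the sample grant and
the request sequence below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Grant:
    """Binds one user to one dataset for a single stated purpose and a validity window."""
    user: str
    dataset: str
    purpose: str
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class AuditEvent:
    """One access decision, kept regardless of outcome so denials are reviewable too."""
    when: datetime
    user: str
    dataset: str
    purpose: str
    allowed: bool
    reason: str


class AccessControl:
    """Default-deny: a request succeeds only if some grant matches user, dataset,
    purpose and time. Every decision is appended to the audit log."""

    def __init__(self, grants: List[Grant]) -> None:
        self._grants = list(grants)
        self.audit_log: List[AuditEvent] = []

    def check(self, user: str, dataset: str, purpose: str, now: datetime) -> bool:
        reason = "no grant for this user and dataset"
        for g in self._grants:
            if g.user != user or g.dataset != dataset:
                continue
            if g.purpose != purpose:
                reason = f"purpose mismatch: grant is for {g.purpose!r}"
            elif now < g.not_before:
                reason = "grant not yet active"
            elif now > g.not_after:
                reason = "grant expired"
            else:
                self._record(now, user, dataset, purpose, True, "matching active grant")
                return True
        # No grant matched: deny, and keep the most specific reason seen.
        self._record(now, user, dataset, purpose, False, reason)
        return False

    def _record(self, when, user, dataset, purpose, allowed, reason) -> None:
        self.audit_log.append(AuditEvent(when, user, dataset, purpose, allowed, reason))


def repeated_denials(log: List[AuditEvent], threshold: int) -> Dict[str, int]:
    """Oversight helper: users whose denied requests reach the threshold.
    Repeated purpose or window violations are a cheap signal of attempted misuse."""
    counts: Dict[str, int] = {}
    for ev in log:
        if not ev.allowed:
            counts[ev.user] = counts.get(ev.user, 0) + 1
    return {u: n for u, n in counts.items() if n >= threshold}


def demo() -> Tuple[List[bool], List[str], Dict[str, int]]:
    """Constructed scenario: one analyst holds a seven-day grant tied to one case."""
    t0 = datetime(2024, 3, 1, tzinfo=timezone.utc)
    ds, case = "case-2024-017/records", "investigate case 2024-017"
    ac = AccessControl([Grant("a.jensen", ds, case, t0, t0 + timedelta(days=7))])
    decisions = [
        ac.check("a.jensen", ds, case, t0 + timedelta(days=1)),               # inside grant
        ac.check("a.jensen", ds, "credit decision", t0 + timedelta(days=1)),  # wrong purpose
        ac.check("a.jensen", ds, case, t0 + timedelta(days=8)),               # window expired
        ac.check("b.smith", ds, case, t0 + timedelta(days=1)),                # no grant at all
    ]
    reasons = [ev.reason for ev in ac.audit_log]
    return decisions, reasons, repeated_denials(ac.audit_log, threshold=2)


if __name__ == "__main__":
    decisions, reasons, flagged = demo()
    print("decisions:", decisions)          # [True, False, False, False]
    print("flagged for review:", flagged)   # {'a.jensen': 2}
```

The check is deliberately default-deny and the log records the reason for each denial, which is what lets an oversight function such as `repeated_denials` distinguish an analyst who keeps trying a purpose they were never granted from one whose grant simply lapsed.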

Data integrity and redress

Our platforms track the provenance and version history of all data in the system, allowing users and data subjects alike to assess the reliability of the data and, where necessary, review and correct inaccuracies. Providing users with well-curated, up-to-date data reduces the risk of erroneous conclusions that might lead to anything from mild inconvenience to serious and costly legal ramifications for an individual.

Data retention and deletion

System users must be able to implement flexible and auditable retention policies and verify that data flagged for deletion has truly been purged from the system. Our platforms allow organizations to ensure that old or irrelevant information is removed as required by data management best practices or by regulations backed by significant fines for noncompliance.

Every Palantirian plays a role in our commitment to protecting privacy and civil liberties. In addition, we employ an interdisciplinary team of engineers, lawyers, and philosophers who take the lead. The Privacy and Civil Liberties Engineering team shares a broad range of responsibilities, including:

  • Working with Product Development and Business Development to design, build, and implement technology that promotes the protection of privacy and civil liberties
  • Keeping up with advances in technology to understand the benefits and risks they pose to privacy and civil liberties
  • Identifying the implications of developments in privacy and data protection law and policy for our customers around the world
  • Helping our customers implement data handling practices and analytical techniques to comply with requirements for privacy, security, and data integrity
  • Training Palantirians to spot potential privacy and civil liberties concerns and working to address them collaboratively
  • Facilitating internal dialogue on privacy issues and current events as they relate to our work

Our government, commercial, and philanthropic customers around the world are at the cutting edge of some of the most challenging privacy and civil liberties questions of our time. When should usage of open source data such as social media information be curtailed in the interests of protecting privacy and freedom of speech? What data should law enforcement information systems generate to enable effective oversight and ensure accountability to governments and to the public? How do you ensure that sensitive medical information is only available to researchers who need to see it and only used for the purposes for which a patient gave consent?

Our Privacy and Civil Liberties team leads us in navigating these questions thoughtfully, with their broadest implications in mind. The following examples describe how we've responded to some of these challenges:

  • Palantir serves as the Danish National Police's central analytic system. Scandinavia has long been at the forefront of data protection, and Palantir provides capabilities to ensure that their rigorous privacy policies are being implemented effectively.
  • A multi-jurisdictional US law enforcement program deployed Palantir to facilitate the use of Automated License Plate Reader (ALPR) data in analysis. When we were awarded the contract, there was no law on the books governing the use of this relatively new information source. Recognizing the implications of ALPR data on privacy, we worked with the program to develop an elective Privacy Impact Assessment (PIA) and a formal program Privacy Policy governing use of ALPR data. These documents anticipated requirements that were ultimately codified in a subsequent bill governing ALPR use across law enforcement agencies in the state. When the bill was signed into law, our efforts to proactively address privacy concerns meant that there was little left to do to bring the use of Palantir's products into compliance.
  • The team works closely with our Philanthropy Engineering team to give our humanitarian partners the resources they need to safeguard the data of already vulnerable populations. These case studies from our 2016 Philanthropy Engineering Annual Report provide insight into how we help our partners navigate questions about how the use of data affects their missions and the populations they serve.

In 2012, we created the Palantir Council of Advisors on Privacy and Civil Liberties (PCAP), a group of independent experts in privacy law, policy, and ethics who help us understand and address the complex issues we encounter in the course of our work. In 2014 we expanded the PCAP to include a group of international advisers to help us navigate the European and broader international data privacy landscapes.

The Palantir PCL team meets with the US and international PCAP groups regularly for discussion and exchange, including on such topics as:

  • New developments in privacy law, policy, and technology
  • Technical and procedural strategies to mitigate risks to privacy and civil liberties
  • Opportunities to enhance the privacy and civil liberties protections built into our products

In addition to our regular meetings, the PCL team often consults members of the PCAPs on an ad hoc basis to consider issues as they arise.

PCAP Membership

Bryan Cunningham – The founder of Cunningham Levy LLP, Bryan is a privacy, cybersecurity, and data protection lawyer and long-time senior counsel to Palantir. Bryan serves as the Executive Director of the PCAP.

Alex Deane – Managing Director at FTI Consulting. Alex was a founder of Big Brother Watch, a prominent U.K. privacy and civil liberties advocacy organization. Alex previously served as Chief of Staff to David Cameron and Tim Collins during their respective terms as Shadow Secretary of State for Education.

Susan Freiwald – A law professor at the University of San Francisco who frequently participates in electronic surveillance legislation and litigation efforts.

Robert Gellman – A privacy and information consultant who worked for nearly two decades on privacy issues in the U.S. Congress.

Chris Hoofnagle – Chris holds dual appointments as adjunct professor in the University of California Berkeley School of Law and the School of Information (where he is resident).

Nancy Libin – Partner at Jenner & Block, former Chief Privacy and Civil Liberties Officer of the U.S. Department of Justice, and former Counsel to then-Senator Joseph Biden on the Senate Judiciary Committee and at the Center for Democracy and Technology.

Sylvain Métille – Partner at the Swiss law firm HDC, where he specializes in data protection, surveillance, and IT law. Sylvain also lectures on computer crime at the University of Lausanne.

Stephanie Pell – A private consultant specializing in privacy and civil liberties issues who formerly served in the Department of Justice as an Assistant US Attorney and later as Senior Counsel to the Deputy Attorney General.

Alexander Pretschner – Software Engineering Chair in the Department of Informatics at Technische Universität München, where his research focuses on testing and distributed data usage control.

Priscilla Regan – Professor in the Schar School of Policy and Government at George Mason University, where she focuses on the analysis of the use of new information and communications technologies. Pris is the author of Legislating Privacy: Technology, Social Values, and Public Policy, among many other scholarly works.

Dan Solove – A law professor at George Washington University, author, and founder of TeachPrivacy, a company that designs privacy and security training programs.

Tim Sparapani – Former Senior Privacy and Immigration Rights Counsel at the American Civil Liberties Union and the first Director of Public Policy at Facebook. Tim now runs his own privacy consultancy firm, SPQR Strategies.

Nico van Eijk – Professor of Media and Telecommunications Law and the Director of the Institute for Information Law at the University of Amsterdam. Nico is an expert in legal and technical topics related to privacy and civil liberties.

Daniel Weitzner – Founding Director, MIT Internet Policy Research Initiative, former White House Deputy Chief Technology Officer for Internet Policy and Co-founder of the Center for Democracy and Technology.

The PCAP is advisory only, and members are compensated for their time. The PCAP is neither asked nor expected to agree with and/or endorse decisions made by Palantir.

Discussions with PCAP members are confidential.